Ubuntu 13.04 USN-1987-1 Critical: GnuPG Denial Of Service
Oct 09, 2013
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Several security issues were fixed in GnuPG.
=========================================================================Ubuntu Security Notice USN-1987-1 October 09, 2013 gnupg, gnupg2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in GnuPG. Software Description: - gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement Details: Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage flags as being valid for all usages. (CVE-2013-4351) Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service. (CVE-2013-4402) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: gnupg 1.4.12-7ubuntu1.2 gnupg2 2.0.19-2ubuntu1.1 Ubuntu 12.10: gnupg 1.4.11-3ubuntu4.3 gnupg2 2.0.17-2ubuntu3.2 Ubuntu 12.04 LTS: gnupg 1.4.11-3ubuntu2.4 gnupg2 2.0.17-2ubuntu2.12.04.3 Ubuntu 10.04 LTS: gnupg 1.4.10-2ubuntu1.4 gnupg2 2.0.14-1ubuntu1.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-1987-1 CVE-2013-4351, CVE-2013-4402 Package Information: https://launchpad.net/ubuntu/+source/gnupg/1.4.12-7ubuntu1.2 https://launchpad.net/ubuntu/+source/gnupg2/2.0.19-2ubuntu1.1 https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu4.3 https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu3.2 https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.4 https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.3 https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.4 https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.6
PREVIOUS
NEXT
Ubuntu 13.04 USN-1987-1 Critical: GnuPG Denial Of Service
ubuntu
October 9, 2013
Several security issues were fixed in GnuPG.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: gnupg 1.4.12-7ubuntu1.2 gnupg2 2.0.19-2ubuntu1.1 Ubuntu 12.10: gnupg 1.4.11-3ubuntu4.3 gnupg2 2.0.17-2ubuntu3.2 Ubuntu 12.04 LTS: gnupg 1.4.11-3ubuntu2.4 gnupg2 2.0.17-2ubuntu2.12.04.3 Ubuntu 10.04 LTS: gnupg 1.4.10-2ubuntu1.4 gnupg2 2.0.14-1ubuntu1.6 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-1987-1
CVE-2013-4351, CVE-2013-4402
Severity
critical
Lowest
Low
Medium
High
Critical
October 09, 2013
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/gnupg/1.4.12-7ubuntu1.2 https://launchpad.net/ubuntu/+source/gnupg2/2.0.19-2ubuntu1.1 https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu4.3 https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu3.2 https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.4 https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.3 https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.4 https://launchpad.net/ubuntu/+source/gnupg2/2.0.14-1ubuntu1.6
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!